Thanks to the collaboration with Università Degli Studi Roma Tre, next 27th June we will have the OWASP EU Tour Rome Conference.<br>

+

OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. <br>Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

[https://www.owasp.org/index.php/EUTour2013_Rome_Agenda Here you can find the agenda and all the information to participate]

+

+

+

== OWASP Italy @ Security Summit 2013 ==

+

+

OWASP Italy participated to the Security Summit 2013 in Milan with 2 talks.<br>

+

[http://milano2013.securitysummit.it/eventi/view/35 See here for all the details]<br>

+

+

== OWASP Italy Day 2012: "Web Security in a Mobile World ==

+

+

<center>[[File:OWASPITDay2012.jpg]] </center>

+

+

We are pleased to announce that the [http://www.owasp.org/index.php/Italy OWASP Italy chapter] will host the OWASP Italy Day 2012 conference in Rome, Italy at the University of Rome La Sapienza next 23rd November 2012.

We are beginning a collaboration with David Balzarotti and Marco Balduzzi of International Secure Systems Lab(IsecLab) with the goal of sharing and improving new WebAppSec projects.<br>

*CLUSIT Member

*CLUSIT Member
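Review bot: the added heading == OWASP Italy Day 2012: "Web Security in a Mobile World == opens a quotation mark that is never closed; add the closing " before the trailing ==. The paragraph under that heading still announces the conference as upcoming ("will host ... next 23rd November 2012") although this revision is dated June 2013, so it should be put in the past tense. In the Security Summit entry, "participated to" should read "participated in".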

Line 22:

Line 65:

Thanks to CLUSIT and OWASP Foundation we have established a cross-membership between the two organizations. So OWASP-Italy is now a [http://www.clusit.it/soci.htm CLUSIT member] and CLUSIT is an OWASP Educational Member.

Thanks to CLUSIT and OWASP Foundation we have established a cross-membership between the two organizations. So OWASP-Italy is now a [http://www.clusit.it/soci.htm CLUSIT member] and CLUSIT is an OWASP Educational Member.

−

*IsecLab Partnership

+

*ISACA Rome

−

Thanks to David Balzarotti and Marco Balduzzi, we are beginning a partnership with the International Secure Systems Lab(IsecLab) with the goal of sharing and improving new WebAppSec projects.

The Research Lab was originally founded in 2005 at the Technical University of Vienna. As of 2008, the Secure Systems Lab has become international and is distributed over three geographical locations including the Institute Eurécom in the French Riviera and the University of California, Santa Barbara. The research focus is on applied computer security, with a recent emphasis on web security, malware analysis, intrusion detection, and vulnerability analysis. The results of our research have been published in well-respected, international security conferences such as the IEEE Symposium on Security and Privacy, the Usenix Security Symposium, and the World Wide Web Conference. Furthermore, the Secure Systems Lab has released several security advisories that disclose previously unknown software vulnerabilities that we discovered. Currently funded projects of the International Secure Systems Lab include several Austrian Science Foundation (FWF) research projects, two European projects, three FIT-IT grants, two recent regional French-funded projects and several industry cooperations with Austrian banks and companies. Also, the lab maintains close ties with other well-known, international security institutions and industrial labs such as Symantec Research Europe.

*(May 10): OWASP Training at London: last 28th May in London, OWASP leaders deliver a course focused on the main OWASP Projects. This course aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.

An event organized by Consip. More information [http://www.owasp.org/index.php/Italy_OWASP_Day_E-Gov_10 here]

=== November, 2009 - OWASP-Italy Day IV ===

=== November, 2009 - OWASP-Italy Day IV ===
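Review bot: the "*ISACA Rome" bullet is added with no descriptive text, while the "*IsecLab Partnership" bullet and its opening sentence are removed. The paragraph beginning "The Research Lab was originally founded in 2005" carries no removal marker, so it would now read as a description of ISACA Rome. Either remove that paragraph together with the rest of the IsecLab entry, or add the ISACA Rome text and keep the lab description under its own bullet.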

Line 513:

Line 574:

[[Category:OWASP_Chapter]]

[[Category:OWASP_Chapter]]

+

[[Category:Europe]]

Revision as of 04:38, 11 June 2013

WELCOME

OWASP Italy

Welcome to the Italy chapter homepage. The chapter leader is Matteo Meucci. Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

OWASP EU Tour 2013 - 27th June - Rome

Thanks to the collaboration with Università Degli Studi Roma Tre, next 27th June we will have the OWASP EU Tour Rome Conference.
OWASP Europe TOUR is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Activities

(May 10): OWASP Training at London: last 28th May in London, OWASP leaders delivered a course focused on the main OWASP Projects. This course aims to change that by providing a selection of mature and enterprise-ready projects together with practical examples of how to use them.

(21 Jun 06) Infosecurity 2006: the event is organized and managed by the CLUSIT.

Alberto Revelli and Matteo Meucci will participate as speakers at the seminar: "Web Application Security: guidelines and security auditing for web applications". More info here

(1 Jun 06) "Quaderno CLUSIT"

CLUSIT has published a book entitled: "La verifica della sicurezza di applicazioni Web-based e il progetto OWASP". Several OWASP-Italy members (R.Chiesa, L.De Santis, M.Graziani, L.Legato, M.Meucci, A.Revelli) have contributed to the writing. The document is now reserved to CLUSIT members, but will be made public in about 3 months.

Thanks to Jim Weiler, Matteo Meucci has presented "Anatomy of two web attacks" at the OWASP-Boston meeting. More info here

(18 Nov 05) IDC - European Banking Forum

Thanks to Raoul Chiesa (Director of Communication OWASP-Italy), we will have a great speech at the IDC European IT Banking Forum 2005. Agenda:

- New standards for the ICT security auditing in the Italian banking scenario: OSSTMM and OWASP. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy and Matteo Meucci, OWASP-Italy Chair

- Workshop: unusual form of attacks and banking system violation: live experience. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy

(Apr 05) We have written an article describing the OWASP projects, Web Application Security and the next challenges. ICT Security (the Italian magazine about Information Security) has published the article in issue number 33, April 2005.

The presentation from the seminar we gave at ISACA Rome (31st March 2005) is now available here.

(Apr 05) We have published a presentation describing a detailed case study of a web application vulnerability (MMS Spoofing).

(Mar 05) Thanks to Matteo Paolelli we have translated the "OWASP Top Ten Vulnerabilities in Web Application Security" into Italian. You can download it here.

January 25th, 2007 - Isaca Rome

October 7th, 2006 - SMAU 2006

- "The quest for secure code: code review and fundamental of secure coding." Matteo Meucci will present an introduction to the new OWASP Projects and OWASP-Italy activities. Paolo Perego (sp0nge) will speak about safe coding and the importance of periodic code review as a natural part of the software life cycle. Paolo will give an overview of code review and its phases. http://www.webb.it/event/eventview/5772

- "Advanced SQL Injection." Antonio Parata (S4tan) will explain SQL Injection and how SQL Inference works on the PHP/MySql platform. He will present an open source tool to support the testing. Alberto Revelli (icesurfer) will focus on Microsoft SQL Server: he will perform a live demo of sqlninja (http://sqlninja.sf.net), explaining how to obtain a pseudo-shell over SQL, how to escalate privileges, and how to play with the exotic equation: "SQL Injection + debug.exe + DNS = DOS prompt"! http://www.webb.it/event/eventview/5774

September 29th, 2006 - OpenExp 2006

Abstract: Antonio will introduce some basic concepts about software security. He will show how SQL Inference works on the PHP/MySql platform and present an open source tool to support the testing. Finally, he will list some advice for avoiding common bugs. http://www.openexp.it/

OWASP-Italy will have a stand from September 29th to October 1st.

June 21st, 2006 - InfoSecurity 2006

Alberto Revelli and Matteo Meucci will participate as speakers at the seminar: "Web Application Security: guidelines and security auditing for web applications". The event is organized and managed by the CLUSIT.

Aug, 2006 - Article on Banca Finanza magazine

Banca Finanza, the Italian magazine about finance and banking, has interviewed Raoul Chiesa about the new risks for on-line banking security. Raoul speaks about OWASP and web application security. Media:042006BF.pdf

June, 2006 - Quaderno CLUSIT

CLUSIT has published a book entitled: "La verifica della sicurezza di applicazioni Web-based e il progetto OWASP". Several OWASP-Italy members (R.Chiesa, L.De Santis, M.Graziani, L.Legato, M.Meucci, A.Revelli) have contributed to the writing. The document is now reserved to CLUSIT members, but it will be public in about 3 months.

April, 2005 - Published an article on ICT Security magazine

We have written an article describing the OWASP projects, Web Application Security and the next challenges. ICT Security (the Italian magazine about Information Security) has published the article in issue number 33, April 2005.

March, 2005 - OWASP Top-10 in Italian

Thanks to Matteo Paolelli we have translated the "OWASP Top Ten Vulnerabilities in Web Application Security" into Italian. You can download it here.

Tools & Research

Nov, 2007 - sqlmap v0.5

Bernardo Damele and Daniele Bellucci have released the fifth version of the tool sqlmap. sqlmap is an automatic SQL injection tool developed entirely in Python. It can perform an extensive fingerprint of the back-end database management system, retrieve remote DBMS databases, usernames, tables and columns, enumerate the entire DBMS, read system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.